Since CloudFormation is tied to a single region, if I want to deploy in somewhere like ap-southeast-2 then I'm unable to do things within the same template for a different region (eg. us-east-1). This becomes an issue when I want to create a certificate for a non-regional CloudFront distribution (which has to be created in us-east-1), certificates in non-regional API Gateway, etc.
I expect it would be possible to do this using stacks and exports (or manually.. of course), but not sure if/how I would do this in a 'SAM friendly' way.
If this is already possible, perhaps some documentation/an example of how to do this would be useful?
My current workaround is just to use regional certificates for API Gateway.
We (https://stackery.io) use custom resources to provision CloudFront certificates in us-east-1 even if the stack is created elsewhere. It's probably overkill to include into SAM directly, but it's your best bet for doing non-us-east-1 stacks with CloudFront distributions.
Feel free to reach me at [email protected] if you want any details about how we do it. Or feel free to try Stackery, see how we do it, and replicate the functionality yourself.
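The custom-resource approach described in the comment above, as an added example (not Stackery's or SAM's code): a Lambda-backed custom resource handler that requests the ACM certificate in us-east-1 regardless of the stack's region. The `DomainName` property name and the function names are assumptions, and the DNS validation record is assumed to be created separately.

```python
import hashlib
import json
import urllib.request

ACM_REGION = "us-east-1"  # CloudFront only accepts ACM certificates from this region

def handle(event, acm):
    """Process one custom resource event; return (physical_id, data)."""
    props = event["ResourceProperties"]
    current = event.get("PhysicalResourceId", "")
    if event["RequestType"] == "Delete":
        if current.startswith("arn:"):  # skip ids left by a failed Create
            acm.delete_certificate(CertificateArn=current)
        return current or "not-created", {}
    old = event.get("OldResourceProperties", {})
    if event["RequestType"] == "Update" and old.get("DomainName") == props["DomainName"]:
        return current, {"Arn": current}  # nothing to replace
    # Token derived from RequestId: a retried invocation reuses the same request
    token = hashlib.sha256(event["RequestId"].encode()).hexdigest()[:32]
    arn = acm.request_certificate(
        DomainName=props["DomainName"],
        ValidationMethod="DNS",
        IdempotencyToken=token,
    )["CertificateArn"]
    # A new physical id on Update makes CloudFormation send Delete for the old one
    return arn, {"Arn": arn}

def build_response(event, status, physical_id, data, reason=""):
    """Body CloudFormation expects on the pre-signed ResponseURL."""
    return {
        "Status": status, "Reason": reason, "PhysicalResourceId": physical_id,
        "StackId": event["StackId"], "RequestId": event["RequestId"],
        "LogicalResourceId": event["LogicalResourceId"], "Data": data,
    }

def lambda_handler(event, context):
    import boto3  # provided by the Lambda Python runtime
    acm = boto3.client("acm", region_name=ACM_REGION)
    try:
        physical_id, data = handle(event, acm)
        body = build_response(event, "SUCCESS", physical_id, data)
    except Exception as exc:  # always answer, or the stack hangs until timeout
        fallback = event.get("PhysicalResourceId", "not-created")
        body = build_response(event, "FAILED", fallback, {}, reason=repr(exc))
    # ResponseURL is a pre-signed S3 URL: treat it as a secret and keep it out of logs
    req = urllib.request.Request(event["ResponseURL"], data=json.dumps(body).encode(),
                                 method="PUT", headers={"Content-Type": ""})
    urllib.request.urlopen(req)
```

The function's execution role needs only `acm:RequestCertificate` and `acm:DeleteCertificate`; the returned `Arn` attribute is what the CloudFront distribution in the same template would reference.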
I was actually thinking that the custom resource route was going to be the way to go given the current state of things, though haven't invested the time to explore that/contrast against what a stack based deploy might look like.
@0xdevalias one way to accomplish this is to have a CloudFormation stack in us-east-1 which creates your certificate, and then use Fn::ImportValue https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-importvalue.html to reference it in your stack in ap-southeast-2.
That was what I was thinking as well.. though hadn't yet explored whether I could deploy an entire 'stack' in a single SAM deploy.